CrowdStrike Achieves 99% Detection Coverage in First-Ever MITRE Engenuity ATT&CK Evaluations for Security Service Providers

AUSTIN, Texas--(BUSINESS WIRE)--CrowdStrike (Nasdaq: CRWD), a leader in cloud-delivered protection of endpoints, cloud workloads, identity and data, today announced its results in the first-ever MITRE Engenuity ATT&CK Evaluations for security service providers. The CrowdStrike Falcon^® platform achieved 99% detection coverage of adversary behavior (reporting 75 of the 76 adversary techniques) out of the 16 vendors evaluated.

This inaugural round of MITRE ATT&CK Evaluations tested vendors by emulating the tactics, techniques and procedures (TTPs) of OilRig (also known as HELIX KITTEN), the adversary group with operations aligned to the strategic objectives of the Iranian government. Vendors were asked to accurately identify malicious activity and associate it to the adversary and corresponding steps in the MITRE ATT&CK framework. Unique to the evaluation, MITRE employed a closed book version of adversary emulation, whereby vendors did not know the adversary until after the execution was complete.

The CrowdStrike Falcon platform shined in MITRE’s evaluation with its Managed Detection and Response (MDR) offering – CrowdStrike Falcon Complete – which is rooted in industry-leading Endpoint Detection and Response (EDR), eXtended Detection and Response (XDR) and Managed Threat Hunting capabilities. The CrowdStrike Falcon platform identified the tradecraft of the emulated adversary (HELIX KITTEN) within minutes, resulting in superior detection coverage to drive rapid, end-to-end response. Speed is critical, as the average breakout time (i.e. the time, on average, it takes an adversary to move laterally from initial compromise to other hosts within the victim environment) is 84 minutes according to the 2022 Falcon OverWatch Threat Hunting Report.

“We believe MITRE's evaluation demonstrates why CrowdStrike is a clear leader in EDR/XDR, whether our capabilities are delivered as a fully managed service from CrowdStrike or our network of MSSP partners, or operated independently by our customers. The closed book test provides an opportunity to show how security platforms operate against adversary tradecraft in a real-world setting, as vendors have no prior knowledge to guide their actions,” said Michael Sentonas, chief technology officer at CrowdStrike. “Achieving a near 100% detection coverage further validates our platform’s effectiveness and ease of use, as well as our pioneering MDR services, which are trusted to stop breaches for thousands of organizations worldwide.”

Additional Resources

• CrowdStrike will host a webinar on Thursday, November 10 at 8 a.m. PT for an in-depth overview of the MITRE Engenuity ATT&CK Evaluations for Security Service Providers.
• For more information on CrowdStrike’s results and CrowdStrike Falcon Complete, please visit the blog.
• For full results and more information about the evaluations, please visit the MITRE Engenuity website.

About MITRE Engenuity

MITRE Engenuity, a subsidiary of MITRE, is a tech foundation for the public good. MITRE’s mission-driven teams are dedicated to solving problems for a safer world. Through our public-private partnerships and federally funded R&D centers, we work across government and in partnership with industry to tackle challenges to the safety, stability, and well-being of our nation.

MITRE Engenuity brings MITRE’s deep technical know-how and systems thinking to the private sector to solve complex challenges that government alone cannot solve. MITRE Engenuity catalyzes the collective R&D strength of the broader U.S. federal government, academia, and private sector to tackle national and global challenges, such as protecting critical infrastructure, creating a resilient semiconductor ecosystem, building a genomics center for public good, accelerating use case innovation in 5G, and democratizing threat-informed cyber defense.

About CrowdStrike

CrowdStrike (Nasdaq: CRWD), a global cybersecurity leader, has redefined modern security with one of the world’s most advanced cloud-native platforms for protecting critical areas of enterprise risk – endpoints and cloud workloads, identity and data.

Powered by the CrowdStrike Security Cloud and world-class AI, the CrowdStrike Falcon® platform leverages real-time indicators of attack, threat intelligence, evolving adversary tradecraft and enriched telemetry from across the enterprise to deliver hyper-accurate detections, automated protection and remediation, elite threat hunting and prioritized observability of vulnerabilities.

Purpose-built in the cloud with a single lightweight-agent architecture, the Falcon platform delivers rapid and scalable deployment, superior protection and performance, reduced complexity and immediate time-to-value.

CrowdStrike: We stop breaches.

Learn more: https://www.crowdstrike.com/
Follow us: Blog | Twitter | LinkedIn | Facebook | Instagram
Start a free trial today: https://www.crowdstrike.com/free-trial-guide/

© 2022 CrowdStrike, Inc. All rights reserved. CrowdStrike, the falcon logo, CrowdStrike Falcon and CrowdStrike Threat Graph are marks owned by CrowdStrike, Inc. and registered with the United States Patent and Trademark Office, and in other countries. CrowdStrike owns other trademarks and service marks, and may use the brands of third parties to identify their products and services.